Ubuntu Forum Hack Affects 1.8M, Time to Get a Password Manager

The official forums for the Linux Ubuntu OS have been offline following a security breach this weekend. An intruder reportedly gained access to 1.8 million user names and passwords as part of the attack. If you're among those affected, now would be a good time to get a password manager.


The attack was first reported on July 20, and the forum has since been replaced by a simple splash page. "Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database," reads the Ubuntu website. "The passwords are not stored in plain text, they are stored as salted hashes." Even so, the site advises that users who recycled their login information should change the passwords on all affected sites.

The UK Register reports that, prior to being taken offline, the Ubuntu forum had over 1.8 million registered users, 19,493 of whom are active on the site. The site, which is still offline as of writing, is apparently a major hub for the Ubuntu user and development community. Canonical, the company which manages Ubuntu releases, advises visitors to go elsewhere for the time being.

Make a Better Password

As we've so often said on SecurityWatch: you should get a password manager like our Editors' Choice award winners LastPass and Dashlane. These applications will not only remember all your passwords—and allow you to retrieve them from just about anywhere—but can generate new passwords as well. What's more, they detect when you've recycled passwords and can help immediately identify the sites that need to be changed.

Perhaps most importantly for those hit by the forum attack, both have Linux versions of their desktop applications.

LastPass in particular has a useful tool which will scan your saved login information and report whether any have been involved in a security breach. Ideally, password managers like these will help you keep strong, unique passwords for every one of your logins.
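The recycled-password check described above can be illustrated with a short Python example. It is added here, is not part of the original article, and is not how LastPass or Dashlane implement the feature. Given a vault and the name of a breached site, it lists every other login that shares the breached password, comparing keyed fingerprints rather than the passwords themselves. The vault entries, the `.example` site names, and all passwords are constructed sample data.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault (entry name -> password); every value is invented.
SAMPLE_VAULT = {
    "Ubuntu Forums": "tux-rules-2013",
    "webmail.example": "tux-rules-2013",
    "bank.example": "V7#qLm!92xPz",
    "shop.example": "tux-rules-2013",
    "photos.example": "sunny-day-44",
    "wiki.example": "sunny-day-44",
}


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest, so the audit compares passwords without keeping them."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def reuse_clusters(vault: dict, key: bytes) -> list:
    """Return sorted groups of entries that share one password."""
    by_fp = defaultdict(list)
    for site, password in vault.items():
        by_fp[fingerprint(password, key)].append(site)
    return sorted(sorted(sites) for sites in by_fp.values() if len(sites) > 1)


def exposed_by_breach(vault: dict, breached_site: str, key: bytes) -> list:
    """Entries whose password must change because it matches the breached one."""
    if breached_site not in vault:
        return []
    target = fingerprint(vault[breached_site], key)
    return sorted(
        site for site, password in vault.items()
        if site != breached_site
        and hmac.compare_digest(fingerprint(password, key), target)
    )


if __name__ == "__main__":
    audit_key = secrets.token_bytes(32)  # per-run key, never stored
    print("Change these too:",
          exposed_by_breach(SAMPLE_VAULT, "Ubuntu Forums", audit_key))
    print("Reuse clusters:", reuse_clusters(SAMPLE_VAULT, audit_key))
```
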

Still At Risk

Though the 19,000-odd active users will be the most inconvenienced by the attack, everyone with an account on the site faces the potential for increased spam attacks, phishing, and having other accounts compromised. Even though the passwords obtained in the attack were stored as salted hashes, it's very likely that some of them will be cracked. Even an email and a known interest in a particular subject—like Ubuntu—could be enough for a scammer to craft a devious phishing email.

Having your user information compromised has become part and parcel of simply using the Internet. Securing your passwords is a simple step that can offset some of the consequences of hacks like this.

Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps.
Prior to PCMag, Max wrote for the International Digital Times, The International Science Times, and The Mary Sue. He has also been known to write for Geek.com.